Are you running in permissive mode. I believe most of these would be
prevented in enforcing mode. Putting the code in enforcing will might
cause a dontaudit to happen which causes the application to go a
different code patch. So for instance if I do a ls
/etc/selinux/targeted/ I might get a Denial of search on the directory
and ls will stop. But in permissive mode, I would get the search
denial plus all the reads of the files under neath it. So we only
care about AVC messages in enforcing mode.